Top 2017 Cybersecurity Stories

2017 is coming to an end.  Seems like it just started!  Anyway, another year is in the books and we’re taking an opportunity to re-cap the biggest cybersecurity stories.  When big malware attacks or breaches occur, it seems like there is a huge amount of intense attention for a short period of time and then the story fades away quickly (unless, of course, you were a victim).  So it’s interesting to look back and see the major stories that all happened in just the last 12 months.

 

WannaCry Ransomware

WannaCry began affecting hundreds of thousands of computers worldwide on May 12. It was nefarious–exploiting a Windows vulnerability that Shadow Brokers revealed in April.  Parts of the UK’s national health system were affected and medical service interrupted.  A major, major ransomware attack that brought cybersecurity vulnerabilities linked to real world disruptions to the international spotlight.

 

Shadow Brokers

Nobody knows for sure who this mysterious hacking group is.  In 2016, they boasted of having stolen the hacking tools of the Equation Group, which was linked to the NSA.  Theses included ways to exploit vulnerabilities in commercial hardware and software products.  In April of this year, they released a Windows exploit called EternalBlue.  Even though Microsoft had issued a patch earlier in the year, many organizations using Windows hadn’t installed it and were vulnerable to major ransomware attacks.  This leak and its subsequent exploitation caused many to question the rationale for governments collecting exploits of commercially available software.

 

Wikileaks CIA Vault 7

Wikileaks releases information purportedly taken from the CIA showing hacking tools–including ways to exploit vulnerabilities in things like WI-Fi and mobile devices.

 

Deep Root Analytics

In June a security researcher discovered that the political data firm didn’t set its privacy controls on its AWS storage set-up and made personally identifiable information on more than 198 million US voters available without password, for about two weeks, to anybody who came upon it.

 

CloudBleed

In February Cloudflare revealed that a security bug in its software allowed customer information from the millions of consumer-facing websites it serves to leak.  Cloudflare clients include major brands like Uber, OKCupid, Fitbit.

 

The Mirai Botnet

The Mirai Botnet was the most powerful botnet ever created.  Its attack in the fall of 2016 on Dyn raised the prospect of major botnet attacks bringing down core infrastructure of the internet.  It’s included in our 2017 list, because the amazing story of finding and prosecuting its creators just came to a conclusion:  https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/

 

The Equifax Hack

The stealing of Social Security numbers, birth dates, addresses and more personal information of at least 143 million Americans.

 

Magnet Solutions Group provides managed security services.